March 2023

You Are The Weakest Link, GoodLFI

In February 2023, we completed a web application security assessment for a new client within the legal field. What followed was a series of hurdles, followed by jumps and yet more hurdles, to eventually end up with a full working attack chain and LFI.

The Real Risks of TLS / SSL Issues

Within almost 99% of web application penetration tests, there is usually at least one TLS / SSL related issue. Typically these are either reported as a Low CVSS score, or sometimes creeping into a Medium, depending on the application and its uses. We wanted to provide an informative article highlighting the real risks of these issues and how they can negatively impact the security of organisations.